I’ve wasted a full Sunday trying to figure out the SSL stuff with no luck. I’ve followed this Documentation.
I’ve created the certificates according to the documentation. Note, the “config” directory wasn’t there so I had to create it to match the docs.
$ pwd
/usr/share/hassio/homeassistant
$ ls -lh
total 14M
-rwxrwxr-x. 1 root root 1.3K May 17 18:33 automations.yaml
drwxr-xr-x. 2 root root 44 May 17 19:34 config
-rwxrwxr-x. 1 root root 523 May 17 22:37 configuration.yaml
-rwxrwxr-x. 1 root root 282 May 8 20:38 customize.yaml
drwxrwxr-x. 2 root root 6 May 7 22:53 deps
-rwxrwxr-x. 1 root root 0 May 7 22:53 groups.yaml
-rwxrwxr-x. 1 root root 140 May 17 22:37 home-assistant.log
-rwxrwxr-x. 1 root root 14M May 17 22:55 home-assistant_v2.db
-rwxrwxr-x. 1 root root 0 May 7 22:53 scenes.yaml
-rwxrwxr-x. 1 root root 0 May 7 22:53 scripts.yaml
-rwxrwxr-x. 1 root root 163 May 17 22:40 secrets.yaml
drwxr-xr-x. 2 root root 44 May 17 21:47 ssl
drwxrwxr-x. 2 root root 6 May 7 22:53 tts
$ ls -lh config
total 8.0K
-rw-------. 1 root root 2.1K May 17 19:28 fullchain.pem
-rw-------. 1 root root 3.2K May 17 19:28 privkey.pem
Configuration.yaml:
# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:
# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
base_url: https://myhomeassistant.com:8123
ssl_certificate: /config/fullchain.pem
ssl_key: /config/privkey.pem
# Text to speech
tts:
- platform: google_translate
group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
homeassistant:
customize: !include customize.yaml
There are 2 problems I’m experiencing:
With the current configuration settings, my hassio will start up in Safe Mode
That’s where you’re going wrong. The ‘/config’ directory is a mapped directory in your homeassistant docker container.
The actual directory on the host machine is /usr/share/hassio/homeassistant . So if you have created a directory inside there called config, then the path to it inside the container will be /config/config/*
Thank you Marc! You’re spot on. Glad I included that detail. Wouldn’t have figured out that the entire /usr/share/hassio/homeassistant is the config directory.
I’ve moved the fullchain.pem and prikey.pem to /usr/share/hassio/homeassistant/, restarted docker and it worked.
$ pwd
/usr/share/hassio/homeassistant
$ $ ls -lh
total 22M
-rwxrwxr-x. 1 root root 1.3K May 17 18:33 automations.yaml
-rwxrwxr-x. 1 root root 519 May 20 15:34 configuration.yaml
-rwxrwxr-x. 1 root root 282 May 8 20:38 customize.yaml
drwxrwxr-x. 2 root root 6 May 7 22:53 deps
-rw-------. 1 root root 2.1K May 17 19:28 fullchain.pem
-rwxrwxr-x. 1 root root 0 May 7 22:53 groups.yaml
-rwxrwxr-x. 1 root root 2.2K May 20 15:36 home-assistant.log
-rwxrwxr-x. 1 root root 22M May 20 15:37 home-assistant_v2.db
-rw-------. 1 root root 3.2K May 17 19:28 privkey.pem
-rwxrwxr-x. 1 root root 0 May 7 22:53 scenes.yaml
-rwxrwxr-x. 1 root root 0 May 7 22:53 scripts.yaml
-rwxrwxr-x. 1 root root 163 May 17 22:40 secrets.yaml
drwxr-xr-x. 2 root root 44 May 17 21:47 ssl
drwxrwxr-x. 2 root root 6 May 7 22:53 tts
$ docker restart homeassistant
I assume you have reconfigured the app to use the new HTTPS url instead of just HTTP.? But, assuming that …
I would say (but am not sure) the Android App is using the Android “Webview” component to render the HA website inside the app. The Webview cannto handle self signed certs (or others that it cant verify the root cert for)